Browser-in-the-Browser (BitB)
A sophisticated phishing technique that renders a fake, interactive browser window inside a legitimate webpage to steal Single Sign-On (SSO) credentials.
Overview
BitB is one of the most visually deceptive phishing techniques in use. Instead of redirecting the user to a look-alike site, the attacker uses HTML, CSS and JavaScript to draw a fake pop-up window over the current page: a title bar, a fake address bar showing a trusted URL such as accounts.google.com or login.microsoftonline.com, a padlock icon and the expected Microsoft or Google branding. The "window" is ordinary page content, and the login form inside it is typically an iframe served from the attacker's own origin. Because the real address bar never changes, and the parent page may itself be benign (a compromised blog, for example), URL-reputation scanners and link-rewriting proxies see nothing suspicious. Two tells survive the illusion: the fake window cannot be dragged outside the browser tab that draws it, and a password manager will not autofill the form, because the page's true origin does not match the saved credential. PhiShark's Agentic AI detects BitB attacks by applying computer vision to the rendered page, spotting the structural anomalies of the fake pop-up and recognizing that the "browser window" is an element drawn inside the page rather than real browser chrome.
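The following is an added example, not PhiShark's code and not taken from any real BitB kit. It shows the two halves of the technique described above: how an attacker assembles the fake window (a fixed-position div with a drawn address bar and an iframe from the attacker's origin), and a simple structural heuristic a defender can run over captured page markup: a URL rendered as visible text that is not backed by any iframe actually loading from that host. The host names, class names and the kit template are assumptions for illustration.

```javascript
// Added example (not PhiShark's code): BitB construction and a structural check.
// All hosts, class names and the template below are assumed for illustration.

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Attacker side: a fixed-position <div> styled to look like a popup window.
// Nothing here touches the real address bar; the "URL" is plain text, and the
// login form is an <iframe> served from the attacker's own origin.
function buildBitbWindow({ title, displayedUrl, iframeSrc, width = 460, height = 520 }) {
  return [
    `<div class="bitb-window" style="position:fixed;top:100px;left:calc(50% - ${width / 2}px);` +
      `width:${width}px;height:${height}px;border-radius:8px;box-shadow:0 8px 32px rgba(0,0,0,.4);background:#fff">`,
    `  <div class="bitb-titlebar">${escapeHtml(title)}</div>`,
    `  <div class="bitb-urlbar"><span class="bitb-padlock">&#128274;</span> ${escapeHtml(displayedUrl)}</div>`,
    `  <iframe class="bitb-body" src="${escapeHtml(iframeSrc)}" style="border:0;width:100%;height:100%"></iframe>`,
    `</div>`,
  ].join('\n');
}

function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch { return null; }
}

// Defender side: flag a URL that appears as *visible page text* next to an
// <iframe> loading from a different host. In a genuine popup the URL lives in
// browser chrome, never in the page's text nodes.
function detectBitb(html) {
  const findings = [];
  const iframeHosts = [];
  for (const m of html.matchAll(/<iframe\b[^>]*\ssrc=["']([^"']+)["']/gi)) {
    const h = hostOf(m[1]);
    if (h) iframeHosts.push(h);
  }
  // Visible text: strip every tag, which also drops attributes such as src=.
  const visibleText = html.replace(/<[^>]*>/g, ' ');
  const usesOverlay = /position\s*:\s*(fixed|absolute)/i.test(html);
  for (const m of visibleText.matchAll(/https?:\/\/[^\s"'<>]+/gi)) {
    const displayedHost = hostOf(m[0]);
    if (!displayedHost) continue;
    const backedByIframe = iframeHosts.includes(displayedHost);
    if (!backedByIframe && iframeHosts.length > 0) {
      findings.push({ displayedHost, iframeHosts: [...iframeHosts], usesOverlay });
    }
  }
  return findings;
}

// Constructed sample: a fake Google sign-in drawn over a compromised blog.
// The phishing host is a made-up .test domain.
const SAMPLE = buildBitbWindow({
  title: 'Sign in - Google Accounts',
  displayedUrl: 'https://accounts.google.com/o/oauth2/auth?client_id=example',
  iframeSrc: 'https://login.example-phish.test/google/',
});

console.log(JSON.stringify(detectBitb(SAMPLE), null, 2));
```

The heuristic is deliberately narrow: it only fires when a URL is rendered as text and no iframe on the page actually loads from that host, so a legitimate page that embeds a real accounts.google.com frame and mentions its URL in prose is not flagged. It is a structural check on markup, not a replacement for rendering-based detection; in a live browser the quickest manual test is still to try dragging the "popup" outside the tab.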
Real-World Examples
- A fake 'Log in with Google' pop-up window appearing on a compromised blog
- Simulated Microsoft 365 SSO prompts that pass casual visual inspection
- Fake CAPTCHA verification steps that actually collect credentials